Business Data Connectivity Model - For integrating BDC (Business Data Catalog) features. It is used for integration with multiple systems.

Event Receiver - This project can be used for alerts and notifications.

List Definition - To create and publish a SharePoint list.

Many more…

Last but not least, a very powerful feature is the WSP builder.
Working with SharePoint groups, we found that a single SharePoint group (such as "Contributor") has limitations when it has to handle 15,000+ users. Transactions and access to the SharePoint sites suffer heavily in terms of low performance when handling that many users, and sometimes it crashes. If we manage this using AD groups, this limitation can be avoided. However, does it still make sense to create so many roles in AD and grant transactions to the AD group? I am sure it does not.
With SharePoint there are three ways to handle roles:

SharePoint Groups

AD Groups

Claim based authorization

SharePoint's security boundaries come in four forms:

Individual User: From any system's perspective, granting individual permissions is not feasible, considering the number of users it has.

SharePoint Group

Active Directory (AD) Group.

Claim based Authorization

Claim based authorization: This feature is really new and is more flexible to use. If roles are handled differently in your organization, claims can be created for those roles, and the logged-in user (Windows or forms based) can get access to sites and resources based on these claims. Further, at the SharePoint item level, folder level and Web Part level, permissions can be assigned based on this role.
These are all real-time business scenarios which can be handled using claim based authorization:

Providing role-based access to different systems in an organization based on claims.

Providing role-based access to services if you have an SOA-enabled architecture.

Syncing between multiple role-based systems in an organization (like CRM, Task Management, PeopleSoft, SAP etc.), each with its own groups and hierarchy.

SharePoint 2010 claims:
SharePoint claims can be created by writing a custom claim provider that creates claims for all roles defined in different systems and provides access to the site based on these claims. Existing restricted roles can be migrated to claims in SharePoint, i.e. only those roles which are really required by the SharePoint UI.
A claims provider in SharePoint 2010 can be used to do claims augmentation (adding more attributes to claims) and to provide name resolution.
Picture here :
Implementation steps for claims in SharePoint 2010
You need to perform the following implementation activities to provide claims in SharePoint.

Create Claim provider

Consume services in claims (if claims need to be fetched from different systems).

Populate claims in the SP People Picker.

At the Web application, grant permissions that depend on claims.

Objective: Create a provider class for generating claims
Design

Create a custom class that inherits from the SPClaimProvider class.

To add claims in SharePoint for the logged-in user, implement the FillClaimsForEntity method. This method consumes the RHMS service and retrieves roles, and these roles act as claims in SharePoint.

To populate all the claims in the People Picker, implement the FillSearch method. This method fetches all the roles from RHMS and shows them in the People Picker depending on the search criteria.

To resolve all the claims in the People Picker, implement the FillResolve method. This method fetches all the roles from RHMS and shows them in the People Picker depending on the search criteria.

Link for claim based implementation http://myspserver:8587/sites/CRM/Pages/HRWorkspace2.aspx

Custom Claim provider Class Diagram:

Follow the steps below to create your own custom provider:

Create a new class library project and add references to the "Microsoft.IdentityModel", "Microsoft.SharePoint" and "Microsoft.SharePoint.Security" DLLs.

Create a custom class that inherits from the SPClaimProvider class, and override all the required methods.

Create a console application to deploy the custom claim provider on the SP farm. This application will use the classes below to deploy the custom claim provider.

SPClaimProviderManager and SPClaimProviderDefinition

Then create a claims-based web application and try to add permissions from the People Picker; you will get all the claims returned by the custom claim provider. Example: grant permission on a specific web part in the web part gallery, add the claim to users via the People Picker, and that web part will be visible only to those users who have the added claim.
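As an added example (not the original post's code), the deployment console described in the steps above, using SPClaimProviderManager and SPClaimProviderDefinition; it assumes a provider class named RoleClaimProvider (a hypothetical name) whose strong-named assembly is already installed in the GAC, and that the console runs under a farm administrator account:

```csharp
using System;
using System.Linq;
using Microsoft.SharePoint.Administration.Claims;

// Hypothetical farm-deployment console. RoleClaimProvider is an assumed class name;
// the console project references its assembly so typeof() yields the strong name.
class DeployClaimProvider
{
    const string ProviderName = "RoleClaimProvider";

    static void Main()
    {
        SPClaimProviderManager manager = SPClaimProviderManager.Local;

        // Re-running the deployment must not leave two registrations with the same name,
        // so an existing definition is removed before the new one is added.
        SPClaimProviderDefinition stale = manager.ClaimProviders
            .FirstOrDefault(d => string.Equals(d.DisplayName, ProviderName, StringComparison.OrdinalIgnoreCase));
        if (stale != null)
            manager.DeleteClaimProvider(stale);

        SPClaimProviderDefinition definition = new SPClaimProviderDefinition(
            ProviderName,
            "Role claims fetched from the RHMS service",
            typeof(RoleClaimProvider).Assembly.FullName,   // strong name of the GAC-installed assembly
            typeof(RoleClaimProvider).FullName);
        definition.IsEnabled = true;
        definition.IsUsedByDefault = true;   // attach to every claims web application in the farm
        definition.IsVisible = true;         // show its claims in the People Picker

        manager.AddClaimProvider(definition);
        manager.Update();
        Console.WriteLine("Registered claim provider '{0}'.", ProviderName);
    }
}
```

After the run, the provider can be confirmed with Get-SPClaimProvider in the SharePoint Management Shell; IsUsedByDefault = true is a farm-wide choice, so set it to false and enable the provider per web application if only one site should see these claims.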


About the Author

10+ years of IT design and development experience in skills like ASP.NET, SharePoint 2007/2010 and SQL Server. As part of my role I do architecture design and pattern design for different architectures in projects. Recently I implemented an SOA-based architecture for SharePoint and PeopleSoft application integration.

My core strength is SharePoint. I have also worked on SQL Server BI (SSRS, SSAS, SSIS).

To achieve role-based security for web services, you can also use the claim based authorization technique. Follow the steps below to achieve this:
1. Configure the system to use Kerberos authentication.
2. Implement a claims-based role-based authorization model, following these steps:
a. Keep one repository for storing roles in the organization.
b. Develop a custom role provider (refer to the article above for this).
c. Develop a custom principal object (organization specific) which can be configured in a custom authorization policy.
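As an added example (not from the original post) of step 2c for a WCF service, a hypothetical organization principal and the custom authorization policy that attaches it to each Kerberos-authenticated call; the role repository lookup is stubbed with constructed data, and the class names and role names are assumptions:

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.Security.Principal;

// Hypothetical principal whose roles come from the central role repository, not from AD groups.
public class OrgPrincipal : IPrincipal
{
    private readonly HashSet<string> roles;
    public OrgPrincipal(IIdentity identity, IEnumerable<string> roles)
    { Identity = identity; this.roles = new HashSet<string>(roles, StringComparer.OrdinalIgnoreCase); }
    public IIdentity Identity { get; private set; }
    public bool IsInRole(string role) { return roles.Contains(role); }
}

// Hypothetical policy, registered in the service configuration as
//   <serviceAuthorization principalPermissionMode="Custom">
//     <authorizationPolicies><add policyType="OrgAuthorizationPolicy, AssemblyName" /></authorizationPolicies>
//   </serviceAuthorization>
// so that [PrincipalPermission(SecurityAction.Demand, Role = "HRManager")] on an operation checks OrgPrincipal.
public class OrgAuthorizationPolicy : IAuthorizationPolicy
{
    public string Id { get { return "OrgAuthorizationPolicy"; } }
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    // Stand-in for the role repository lookup (constructed sample data).
    private static IEnumerable<string> RolesFor(string login)
    { return login.EndsWith("\\hr.user", StringComparison.OrdinalIgnoreCase) ? new[] { "HRManager" } : new string[0]; }

    public bool Evaluate(EvaluationContext evaluationContext, ref object state)
    {
        object identities;
        if (!evaluationContext.Properties.TryGetValue("Identities", out identities)) return false;
        IList<IIdentity> list = identities as IList<IIdentity>;
        if (list == null || list.Count == 0) return false;
        IIdentity caller = list[0];                 // the Kerberos-authenticated Windows identity
        if (!caller.IsAuthenticated) return false;  // never build a principal for an anonymous caller
        evaluationContext.Properties["Principal"] = new OrgPrincipal(caller, RolesFor(caller.Name));
        return true;
    }
}
```

With principalPermissionMode="Custom", WCF consults only the principal this policy sets, so an operation demanding a role the repository did not return is refused even if the caller belongs to a similarly named AD group.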